2ec168e83c18f586b6e7a2499fdd8788_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ec168e83c18f586b6e7a2499fdd8788_JaffaCakes118
Size

2.4MB
MD5

2ec168e83c18f586b6e7a2499fdd8788
SHA1

775cf25eedb7bfc72bc125f68a6c9b7c5f58aabd
SHA256

1531f22782c7dff1a8d640a457858bbd24f0d3293b6507a23c26c2580c8051fc
SHA512

cbfee28bf3a0b1e0b5f9ef11f809f5dec6df4584b0d59d0295994c4eb0f22f85d877d1968bcf8e26ddec646b7a1efaf18f7b09fe933a71d3d948fc477a461f7f
SSDEEP

49152:hFtVQn4aiu7770YjXWfpqeaA83ZTAERGCWRsaYIYS8IS5nVvJ4YxUosezFuMQy1:h9I4EnAYjmfNPkMBCWhYIYBIS5nVvJRj

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/System.dll

Files

2ec168e83c18f586b6e7a2499fdd8788_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:d5:30:ef:28:e8:b2:97:5c:4c:23:9b:65:df:57:e5:10:ed:87:4f
Signer

Actual PE Digest

2c:d5:30:ef:28:e8:b2:97:5c:4c:23:9b:65:df:57:e5:10:ed:87:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PublisherLogoDefault.bmp
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/alerts_icon.bmp
$PLUGINSDIR/home_icon.bmp
$PLUGINSDIR/license.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/revert_icon.bmp
$PLUGINSDIR/search_icon.bmp
$PLUGINSDIR/setup_top.bmp
$PLUGINSDIR/truste_setup.bmp
$TEMP/SPStub.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f
Signer

Actual PE Digest

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ToolbarHelper.exe
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/toolbar.cfg
$_214_/$_214_/$_219_
.dll regsvr32 windows:5 windows x86 arch:x86

90e03e8777b94714012c80a85d64013c

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\5.4\SingleComponent\Alert\Release\Alert.pdb

Imports

winmm

timeGetTime

user32

GetCapture
ReleaseCapture
GetIconInfo
CopyRect
CharLowerBuffA
SetWindowTextW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetSysColor
SystemParametersInfoW
EnumChildWindows
GetClassNameW
SetCapture
GetMonitorInfoA
RegisterWindowMessageW
DrawFocusRect
GetDC
ReleaseDC
SetDlgItemTextW
IsWindow
GetDlgItem
PostMessageA
SetTimer
KillTimer
PostThreadMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
SendMessageA
FindWindowW
MonitorFromRect
GetWindowTextW
InflateRect
GetAsyncKeyState
IsWindowUnicode
GetSystemMetrics
IsChild
SetWindowLongW
CreateWindowExA
DrawIconEx
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetLastInputInfo
SendMessageW
PeekMessageA
GetDesktopWindow
ShowWindow
FindWindowExW
PostMessageW
GetWindowRect
GetClientRect
SetForegroundWindow
SetFocus
TrackPopupMenu
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
DestroyMenu
FindWindowExA
LoadImageW
DestroyIcon
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
GetWindowRgn
SetWindowLongA
CallWindowProcA
GetParent
BeginPaint
EndPaint
SetParent
MoveWindow
IsWindowVisible
CreateWindowExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
FillRect
LoadCursorA
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
DrawTextW
InvalidateRect
SetWindowPos
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

kernel32

GetExitCodeThread
CreateThread
GetModuleFileNameW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
ReadFile
FindClose
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringA
CreateFileW
GetFileSize
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
CopyFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
SetLastError
InterlockedIncrement
TlsFree
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
HeapReAlloc
HeapAlloc
GetCommandLineA
ResumeThread
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetProcessHeap
HeapFree
GetLocalTime
WriteFile
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
GetSystemTimeAsFileTime
SizeofResource
SetThreadPriority
GetCurrentThread
GetLongPathNameW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LockResource
LoadResource
FindResourceW
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
MulDiv
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GlobalFree

gdi32

CreateRectRgn
GetBkMode
GetBkColor
GetPixel
SetPixel
PlgBlt
SelectPalette
RealizePalette
GdiFlush
OffsetRgn
GetObjectA
CombineRgn
SetLayout
GetDeviceCaps
CreateFontIndirectW
GetWindowOrgEx
SetWindowOrgEx
MoveToEx
LineTo
FrameRgn
GetTextColor
GetLayout
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
Rectangle
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject
SetBkMode
GetStockObject

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
OleLoadPicture

psapi

GetProcessMemoryInfo

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlA

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorSacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUpdateFinish
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_48_
.dll regsvr32 windows:5 windows x86 arch:x86

c141380dbed64a927bf656b6173ebdc7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:90:87:b2:73:8d:52:cc:bc:ba:69:f9:f5:f5:49:04:9f:e2:bc:ee
Signer

Actual PE Digest

1f:90:87:b2:73:8d:52:cc:bc:ba:69:f9:f5:f5:49:04:9f:e2:bc:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\Release\tbedrs.pdb

Imports

comctl32

ord17
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create

wininet

InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetSetCookieW
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetCanonicalizeUrlA
InternetGetConnectedState
InternetOpenW
GetUrlCacheEntryInfoW

wsock32

WSAStartup
closesocket
select
WSAGetLastError
gethostbyname
WSACleanup
recv
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
socket

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject
CryptProtectData
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptUnprotectData

msimg32

GradientFill

winmm

timeGetTime
sndPlaySoundW
PlaySoundA
PlaySoundW

kernel32

ReleaseMutex
GetLastError
GetCurrentThreadId
CloseHandle
Sleep
TerminateProcess
TerminateThread
lstrlenW
lstrlenA
GetVersionExW
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
GetShortPathNameW
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateMutexW
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
IsWow64Process
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
SetFileAttributesW
DeleteFileW
GetVersionExA
OpenEventW
OpenMutexW
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
Thread32Next
Thread32First
SetThreadPriority
GetCurrentThread
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetStringTypeW
GetModuleHandleA
GetSystemDirectoryW
CreateRemoteThread
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateThread
OpenProcess
GetModuleFileNameW
FreeLibrary
InterlockedDecrement
GetProcAddress
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CopyFileW
GetTickCount
TlsSetValue
CreateEventW
LoadLibraryExA

user32

SendMessageA
ShowWindow
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
SetWindowLongW
CallWindowProcA
PostMessageA
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
IsWindow
GetDlgItem
InvalidateRect
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
RemovePropW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetMenuItemRect
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
FindWindowExW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
GetSystemMetrics
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
IsWindowUnicode
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
CallWindowProcW
GetPropW
SetPropW
DefWindowProcW
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
SystemParametersInfoW
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
EnumWindows
GetClassNameA
SendMessageTimeoutA
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
SetLayout
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

CryptDestroyHash
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW

ole32

OleInitialize
CoUninitialize
IIDFromString
OleUninitialize
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
StringFromIID
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoGetMalloc

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysFreeString
CreateDispTypeInfo
VariantCopy
VariantInit
SafeArrayGetUBound
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
OleLoadPicture
VariantClear
SysStringByteLen

psapi

GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

shlwapi

PathFindFileNameW
SHDeleteKeyA
UrlEscapeW
PathFileExistsW
StrCpyW

dnsapi

DnsQuery_A

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_65_
.dll regsvr32 windows:5 windows x86 arch:x86

90e709bf71fa1c8654ad2b8ead7ebfca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:b7:c9:94:78:fd:93:90:2b:0c:c8:cf:b3:16:2c:f3:fc:61:af:b1
Signer

Actual PE Digest

db:b7:c9:94:78:fd:93:90:2b:0c:c8:cf:b3:16:2c:f3:fc:61:af:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\ConduitProxy\Release\prxtbedrs.pdb

Imports

kernel32

CreateFileW
ReadFile
CopyFileW
GetCurrentThreadId
OutputDebugStringW
GetComputerNameW
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
GetFileSize
GetConsoleCP
GetFileType
LoadLibraryExW
RaiseException
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedExchange
GetSystemTimeAsFileTime
GetLongPathNameW
LoadLibraryExA
WaitForSingleObject
HeapFree
GetProcessHeap
HeapAlloc
Sleep
GetModuleHandleW
DeleteFileW
GetVersionExA
CreateMutexW
GetTickCount
GetCurrentProcess
FreeLibrary
LoadLibraryW
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcessId
LocalFree
LocalAlloc
CloseHandle
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
ReadConsoleW
GetModuleFileNameW

shlwapi

PathFileExistsW
PathFindFileNameW

user32

PostMessageA
IsWindowVisible
SendMessageA
RegisterWindowMessageW
IsWindow

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey
RegCreateKeyExW
GetUserNameW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllIsDowngradeVersion
DllIsDowngradeVersionW
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_69_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_73_
.dll windows:5 windows x86 arch:x86

70f3a527ac6240fe0cd3e511fc881777

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:a1:87:3d:49:46:ad:e7:1b:09:fe:78:96:f2:c8:70:d0:f3:93:45
Signer

Actual PE Digest

db:a1:87:3d:49:46:ad:e7:1b:09:fe:78:96:f2:c8:70:d0:f3:93:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\ConduitLoader\Release\ldrtbedrs.pdb

Imports

kernel32

LocalFree
GetLastError
TerminateProcess
LoadLibraryA
CreateMutexW
CreateEventW
DeleteFileW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
GetSystemTimeAsFileTime
CreateFileW
ReadFile
CopyFileW
InterlockedDecrement
LocalAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
WaitForMultipleObjects
TerminateThread
GetCurrentThread
SetThreadPriority
SetEvent
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetFilePointerEx
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedExchange
GetComputerNameW
GetCurrentProcess
OpenProcess
GetVersionExA
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetCurrentProcessId
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetLongPathNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetTickCount
lstrcpyW
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
TlsAlloc
CloseHandle
LoadLibraryExA

user32

SetWindowLongW
ScreenToClient
SendMessageA
GetSysColor
GetParent
RegisterWindowMessageW
ReleaseDC
DrawTextW
GetDC
GetClassNameW
MoveWindow
KillTimer
DefWindowProcW
SendMessageW
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoW
InsertMenuW
ShowWindow
SetWindowPos
GetWindowRect
DestroyWindow
IsWindow
CreateWindowExW
IsChild
GetFocus
SetFocus
SetTimer
IsWindowVisible
PostMessageA
LoadCursorA
CallWindowProcW
CallWindowProcA
SetCursor
GetAsyncKeyState
DefWindowProcA
IsWindowUnicode

gdi32

SetTextColor
SetBkMode
SetWindowOrgEx
GetWindowOrgEx
DeleteDC
GetStockObject
BitBlt
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
Rectangle
CreateSolidBrush
DeleteObject
SelectObject
CreatePen

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemFree

shlwapi

PathFindFileNameW
PathFileExistsW

advapi32

RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
GetSidSubAuthority
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetSidSubAuthorityCount
GetUserNameW
RegCreateKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_74_
.dll windows:5 windows x86 arch:x86

7ee3b7fc0005228723789103c1f86322

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c9:53:91:b8:e3:32:68:79:d8:8c:ad:12:a9:0e:79:de:0e:9d:97:cd
Signer

Actual PE Digest

c9:53:91:b8:e3:32:68:79:d8:8c:ad:12:a9:0e:79:de:0e:9d:97:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\Release\hktbedrs.pdb

Imports

wininet

InternetCanonicalizeUrlA
InternetSetCookieW
InternetGetCookieW

kernel32

GetConsoleMode
ReadConsoleW
GetConsoleCP
RaiseException
RtlUnwind
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
ReleaseMutex
GetSystemDirectoryW
WaitForSingleObject
GetLastError
CreateRemoteThread
GetModuleHandleW
FindClose
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
GetCPInfo
HeapReAlloc
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
OutputDebugStringW
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
CreateMutexW
CreateEventW
OpenEventW
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForMultipleObjects
TerminateThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
InterlockedDecrement
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
IsProcessorFeaturePresent
MoveFileExW
InterlockedIncrement
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetEvent
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
GetModuleFileNameA

user32

GetWindowRect
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetWindowLongA
EnumWindows
IsWindowVisible
SetForegroundWindow
IsWindowUnicode
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
ShowWindow
MoveWindow
SetLayeredWindowAttributes
DialogBoxParamW
GetClientRect
SetWindowLongA
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
PtInRect
CallWindowProcW
CallWindowProcA
SetCursor
LoadCursorA
CharUpperW
DefWindowProcA
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
SendMessageW
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
EnableWindow
GetWindowTextLengthW
SetRect
DefWindowProcW
EndDialog
GetPropW
SetPropW
PostMessageA
GetWindowTextW
GetDlgItem
GetClassInfoW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageA
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId

gdi32

PlgBlt
RealizePalette
SelectPalette
SetPixel
GetPixel
GetObjectA
SetBkColor
GdiFlush
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
GetTextColor
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
GetStockObject
GetLayout
Rectangle
CreateSolidBrush
LineTo
MoveToEx
SetBkMode
CreatePen

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantCopy
OleLoadPicture

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcesses

shlwapi

PathFindFileNameW
PathFileExistsW
StrCpyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptMsgClose
CertCloseStore
CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDrawImageRectRect
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromStream

advapi32

RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

Exports

Exports

DllConnectToIE

Sections

.text
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_75_
.dll windows:5 windows x64 arch:x64

36872823beef28c2368335945bd87740

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:f7:66:7b:1f:ea:da:ca:52:3c:42:14:16:99:ba:fb:c5:34:38:47
Signer

Actual PE Digest

5f:f7:66:7b:1f:ea:da:ca:52:3c:42:14:16:99:ba:fb:c5:34:38:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\Release\hk64tbedrs.pdb

Imports

wininet

InternetCanonicalizeUrlA
InternetSetCookieW
InternetGetCookieW

kernel32

RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapSize
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsValidCodePage
GetACP
SetLastError
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
ReleaseMutex
GetSystemDirectoryW
WaitForSingleObject
GetLastError
CreateRemoteThread
GetModuleHandleW
MoveFileExW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
GetOEMCP
GetConsoleCP
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
OutputDebugStringW
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
CreateMutexW
CreateEventW
OpenEventW
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForMultipleObjects
TerminateThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
ReadConsoleW
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetEvent
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
GetCPInfo

user32

GetWindowRect
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetWindowLongA
EnumWindows
IsWindowVisible
SetForegroundWindow
IsWindowUnicode
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
ShowWindow
MoveWindow
SetLayeredWindowAttributes
DialogBoxParamW
GetClientRect
SetWindowLongA
SetWindowLongPtrW
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
PtInRect
CallWindowProcW
CallWindowProcA
SetCursor
LoadCursorA
CharUpperW
DefWindowProcA
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
SendMessageW
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
EnableWindow
GetWindowTextLengthW
SetRect
DefWindowProcW
EndDialog
GetPropW
SetPropW
PostMessageA
GetWindowTextW
GetDlgItem
GetClassInfoW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageA
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId

gdi32

PlgBlt
RealizePalette
SelectPalette
SetPixel
GetPixel
GetObjectA
SetBkColor
GdiFlush
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
GetTextColor
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
GetStockObject
GetLayout
Rectangle
CreateSolidBrush
LineTo
MoveToEx
SetBkMode
CreatePen

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantCopy
OleLoadPicture

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcesses

shlwapi

PathFindFileNameW
PathFileExistsW
StrCpyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptMsgClose
CertCloseStore
CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDrawImageRectRect
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromStream

advapi32

RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

Exports

Exports

DllConnectToIE

Sections

.text
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_88_
.dll regsvr32 windows:5 windows x86 arch:x86

c141380dbed64a927bf656b6173ebdc7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:90:87:b2:73:8d:52:cc:bc:ba:69:f9:f5:f5:49:04:9f:e2:bc:ee
Signer

Actual PE Digest

1f:90:87:b2:73:8d:52:cc:bc:ba:69:f9:f5:f5:49:04:9f:e2:bc:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.15\6.15.0\Release\tbedrs.pdb

Imports

comctl32

ord17
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create

wininet

InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetSetCookieW
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetCanonicalizeUrlA
InternetGetConnectedState
InternetOpenW
GetUrlCacheEntryInfoW

wsock32

WSAStartup
closesocket
select
WSAGetLastError
gethostbyname
WSACleanup
recv
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
socket

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CryptMsgGetParam
CryptQueryObject
CryptProtectData
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptUnprotectData

msimg32

GradientFill

winmm

timeGetTime
sndPlaySoundW
PlaySoundA
PlaySoundW

kernel32

ReleaseMutex
GetLastError
GetCurrentThreadId
CloseHandle
Sleep
TerminateProcess
TerminateThread
lstrlenW
lstrlenA
GetVersionExW
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
GetShortPathNameW
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateMutexW
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
IsWow64Process
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
SetFileAttributesW
DeleteFileW
GetVersionExA
OpenEventW
OpenMutexW
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
Thread32Next
Thread32First
SetThreadPriority
GetCurrentThread
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetStringTypeW
GetModuleHandleA
GetSystemDirectoryW
CreateRemoteThread
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateThread
OpenProcess
GetModuleFileNameW
FreeLibrary
InterlockedDecrement
GetProcAddress
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CopyFileW
GetTickCount
TlsSetValue
CreateEventW
LoadLibraryExA

user32

SendMessageA
ShowWindow
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
SetWindowLongW
CallWindowProcA
PostMessageA
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
IsWindow
GetDlgItem
InvalidateRect
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
RemovePropW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetMenuItemRect
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
FindWindowExW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
GetSystemMetrics
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
IsWindowUnicode
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
CallWindowProcW
GetPropW
SetPropW
DefWindowProcW
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
SystemParametersInfoW
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
EnumWindows
GetClassNameA
SendMessageTimeoutA
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
SetLayout
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

CryptDestroyHash
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW

ole32

OleInitialize
CoUninitialize
IIDFromString
OleUninitialize
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
StringFromIID
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoGetMalloc

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
SysFreeString
CreateDispTypeInfo
VariantCopy
VariantInit
SafeArrayGetUBound
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
OleLoadPicture
VariantClear
SysStringByteLen

psapi

GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

shlwapi

PathFindFileNameW
SHDeleteKeyA
UrlEscapeW
PathFileExistsW
StrCpyW

dnsapi

DnsQuery_A

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_89_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GottenAppsContextMenu.xml
OtherAppsContextMenu.xml
SharedAppsContextMenu.xml
ToolbarContextMenu.xml
toolbar.cfg
uninstall.exe
.exe windows:5 windows x86 arch:x86

90fd9913477b4e5a735366c9d47ba519

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:d2:88:de:59:c5:15:66:d9:13:57:20:42:48:36:20:a7:91:b7:0e
Signer

Actual PE Digest

f3:d2:88:de:59:c5:15:66:d9:13:57:20:42:48:36:20:a7:91:b7:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.11\6.11.0\Setup\NSIS-SetupSource\uninstall.pdb

Imports

kernel32

LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
GetFileSize
FindFirstFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateFileW
GetLastError
FindClose
WriteConsoleW
SetFilePointerEx
SetStdHandle
CloseHandle
GetShortPathNameW
GetProcAddress
GetLongPathNameW
GetModuleFileNameW
LoadLibraryW
WaitForSingleObject
CreateProcessW
FreeLibrary
ReadFile
HeapFree
OutputDebugStringW
LCMapStringW
EncodePointer
DecodePointer
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
InterlockedDecrement
ExitProcess
GetModuleHandleExW
HeapSize
Sleep
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
GetStringTypeW
RaiseException
GetProcessHeap
GetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2c:d5:30:ef:28:e8:b2:97:5c:4c:23:9b:65:df:57:e5:10:ed:87:4fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 4.0MB

.rsrc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2c:d5:30:ef:28:e8:b2:97:5c:4c:23:9b:65:df:57:e5:10:ed:87:4f
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 4.0MB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 1.0MB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB